Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
310
Views
0
Helpful
7
Replies

C2960X+radius configuration

Go to solution
jmb09
Level 1
Level 1

‎05-30-2024 05:22 AM

Hi,

Excuse my poor english !

I surrendly hope something but i don't know what ....

I'm trying to configure 802.1x on my switch, and each time i lost cpacity to use "enable" or "control t" i loose level 15 possibilities ...

aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius if-authenticated
aaa authorization network default group radius
aaa session-id common
dot1x system-auth-control
radius server radiussrv ; c'est le nom du serveur

address ipv4 X.X.X.X auth-port 1812 acct-port 1813
key MySecret

I tried with aaa authorization network default group radius local but each time after these commands i am unable to do an enable command or an conf t command as i am reject to level 15.

I don't understand what i forgot beacause i am sure it miss me a command ...

 

Thank you for youe help have a nice day !

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jmb09
Level 1
Level 1

‎05-30-2024 09:20 AM

Hello /bonsoir,

Non pas tout à fait / No Not exactly

Nous voulons mettre en place l'aafecation de vlan automatique sur nos switchs en utilisant radius et freeradius / we would like to configuraure automatic vlan affectation on our switchs by using radius and freeradius

Mon soucis est  que des que je commence à saisir les commandes je perds l'acces enable/ou conf t /my problem is that when i begin to enter command i lost access to cont or enable command

Finalement il y a 5 mn je viens d e trouver une solution / finally there"s 5 mn i found a solution:

aaa authorization exec default local

Je ne sais pas si apres je vais avoir d 'autres soucis / I don't know if after i will have other troubles ....

J'ai commencé par installer le serveur freeradius qui fonctionne bien avec notre active directory / I began by installing freeradius server, it's running well with our active directory

Maintenant je commence seulement à configurer un switch et il me reste les ports à configurer / Now i began just to configure switch and it will stay all ports configurations to do .....

 

Thanks !

 

 

View solution in original post

0 Helpful
7 Replies 7

Go to solution
M02@rt37
VIP
VIP

‎05-30-2024 06:20 AM

Hello @jmb09 

add this command 

aaa authorization exec default group radius if-authenticated

This command should authorize users to level 15 (privileged EXEC mode) after successful authentication.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
jmb09
Level 1
Level 1

‎05-30-2024 06:34 AM

Hello !

Thank you for your rapid answer but it's always the same result i can connect the switch with ssh but i always can't enter in conf t or enable adter entering these commands

Enable refuse my password and conf t tell mes "invalid input detected" and i could "reload" switch from http interface ....

Thanks

 

 

0 Helpful

Go to solution
jmb09
Level 1
Level 1

‎05-30-2024 06:43 AM

Hello !

I tried to tpe command each one after each one to identify when blocking appears ...

It seems that began after entering th fist command : aaa authentication dot1x default group radius

My version is 152-7-E5

Thanks

 

0 Helpful

Go to solution
jmb09
Level 1
Level 1

‎05-30-2024 06:56 AM

Hello !

 

I think i done a mistake somewhere and may be i don't undestood somethink !

I would like to activate 802.1x on my port but keep th avaibility to connect with local users to manage switch, i suppose my error somewhere here !!

 

Thanks

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to jmb09

‎05-30-2024 09:07 AM

@jmb09 

Merci pour ces précisions.

Vous voulez vous connecter via RADIUS à votre switch c'est bien ça ? De plus vous avez du 802.1x de configurer sur des ports ?

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
jmb09
Level 1
Level 1

‎05-30-2024 09:20 AM

Hello /bonsoir,

Non pas tout à fait / No Not exactly

Nous voulons mettre en place l'aafecation de vlan automatique sur nos switchs en utilisant radius et freeradius / we would like to configuraure automatic vlan affectation on our switchs by using radius and freeradius

Mon soucis est  que des que je commence à saisir les commandes je perds l'acces enable/ou conf t /my problem is that when i begin to enter command i lost access to cont or enable command

Finalement il y a 5 mn je viens d e trouver une solution / finally there"s 5 mn i found a solution:

aaa authorization exec default local

Je ne sais pas si apres je vais avoir d 'autres soucis / I don't know if after i will have other troubles ....

J'ai commencé par installer le serveur freeradius qui fonctionne bien avec notre active directory / I began by installing freeradius server, it's running well with our active directory

Maintenant je commence seulement à configurer un switch et il me reste les ports à configurer / Now i began just to configure switch and it will stay all ports configurations to do .....

 

Thanks !

 

 

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to jmb09

‎05-30-2024 09:32 AM

Parfait, merci pour votre feedback.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card